SharePoint24x7 It's all about SharePoint.

Article – Configuring User Profile Services in SharePoint Server 2010

There are number of things which we need to do manually right after installing SharePoint Server 2010. Enabling Activity Feed Timer Job which unlocks the full power of social networking capabilities is one of them and I already discussed about it in a previous article.

The profile import architecture in SharePoint 2010 is all new. Now it uses the same .NET connectors that Search and BDC are using. At the same time it’s very important to note that getting profile import configured is not that easy since the configuration is little weird.

Before we get in to the actual user profile configuration, there is a mandatory home-work need to be performed. That is the service account you are planning to use for this service application to run, must be a member of Local Administrators group of the server. And if you are planning to configure this in multiple servers, then this has to be done in all the servers. In case if you are running SharePoint 2010 on a server which contains an Active Directory, then the service account needs to be part of the Domain Admins group, since there is no Local Administrators group.

I’m running a Single-server SharePoint 2010 farm on VMware and I have an Active Directory configured already. So as the 1^st step, I will do the home-work of adding the service account to Domain Admins group as illustrated below:

1. Open the Active Directory Users and Computers by going to Start -> Administrative Tools -> Active Directory Users and Commuters.
2. Right-click the service account you wish to configure for profile import service application to run and select Properties. In my VM the account is, SP_Farm.
3. Go to Member Of tab, and select Add… to add a new group membership.
   

   User Account Properties

4. Type Domain Admins and click Check Names to resolve the name correctly.
   

   Adding Domain Admins Membership

   

   Adding Domain Admins Membership

5. Click OK and OK to close all the opened windows.

Unfortunately, in order to take effect this change, you must restart the server. Go ahead and restart, before you get your fingers burnt.

After you restart the server, we can go and start the User Profile Synchronization Service as illustrated below:

1. Navigate to SharePoint 2010 Central Administration site.
2. From the System Settings section, select Manage services on server link.
   

   Manage services on the server

3. Services on Server: page shows all the services installed in the server. Scroll down until you see User Profile Synchronization Service. Click Start link in the Action column for the User Profile Synchronization Service.
   

   User Profile Synchronization Service

4. Next screen prompt you for the credentials required to run this service application. Since we have already configured our account as a member of either Local Administrators or Domain Admins group we can enter Password: and Confirm password: for the same account, and click OK.
   

   Initial Configuring User Profile Synchronization Service

5. This is where SharePoint team checks your patience.  Status of the User Profile Synchronization Service will say Starting for few minutes. In my VM, it took 4 minutes and it can go even longer than that. Keep on refreshing the page and as long as it says Starting, you are good.
   

   User Profile Synchronization Service Status - Starting

6. After few minutes, status will become Started.
   

   User Profile Synchronization Service Status - Started

Before proceed to next set of configuration steps, remember to restart your IIS by following:

1. Click Start -> All Programs -> Accessories -> Command Prompt.
2. Type iisreset and press Enter.
3. When it completes, type exit and press Enter.

After restarting IIS, proceed to configuring the User Profile Synchronization connections:

1. Navigate to SharePoint 2010 Central Administration site.
2. From Application Management section, select Manage service applications link.
   

   Manage service applications

3. From the Service Applications page, scroll down until you see User Profile Service Application. Click the User Profile Service Application link.
   

   User Profile Service Application

4. You will be taken to Manage Profile Service: User Profile Service Application page. From the Synchronization section, select Configure Synchronization Connection link.
   

   to Manage Profile Service: User Profile Service Application

5. You will be taken to Synchronization Connections page. Select Create New Connection link to configure new profile import connection.
   

   User Profile Service Application - Connection

6. You will be taken to Add new synchronization connection page. Specify a meaningful name for the Connection Name. Select Active Directory for the Type. In the Connection Settings section, specify the forest name for the Forest name: field and enter the service account name in the form of DOMAIN\account for the Account name: field and enter the password for Password: and Confirm password: filed.
   

   User Profile Service Application - Connection Settings

7. Click Populate Containers button. This will communicate with the given forest and populate the containers such as Users, Groups and OUs.
8. Scroll down and select the Users container and click OK.
   

   User Profile Service Application - Connection Settings

   

   User Profile Service Application

Now that you have configured your User Profile Synchronization Service to communicate with the Active Directory Users container, next you need to fire it up so that it can bring the users from Active Directory into SharePoint. Let’s go and start a Full Import to get all the users.

1. From Application Management section, select Manage service applications link.
   

   Manage service applications

2. From the Service Applications page, scroll down until you see User Profile Service Application. Click the User Profile Service Application link.
   

   User Profile Service Application

3. You will be taken to Manage Profile Service: User Profile Service Application page. From the Synchronization section, select Start Profile Synchronization link.
   

   Manage Profile Service: User Profile Service Application

4. You will be taken to Start Profile Synchronization page. Select Start Full and click OK.
   

   Start Full Profile Synchronization

5. Now you are back in Manage Profile Service: User Profile Service Application page. Observe the right side of the Manage Profile Service: User Profile Service Application page. Initially, Number of User Profiles will be 0. And the Profile Synchronization Status will change from Idle to Synchronizing.
   

   Starting Full Profile Synchronization

6. Keep on refreshing the page and after few minutes, you will see Profile Synchronization Status will come back to Idle. Also Number of User Profiles will show a number indicating how many profiles were synchronized. Be patience in this step as well since it will take more than you expect to finish the synchronization. I had 6 users and it took nearly 8 minutes to complete this.
   

   Finished Full Profile Synchronization

Now that you have done a full import and I suggest you depending on the frequency of the changes in the Active Directory, you can decide whether you configure an incremental import or not. If it’s a demo setup just like mine, leave it for the moment because you know how to do a full import whenever you need.